#70284 - 2002-09-26 09:07 PM
ENUMGROUP Question
|
ElGuapo
Starting to like KiXtart
Registered: 2002-06-19
Posts: 100
|
I want to get all users in an ou, check their group membership and manipulate some of their properties based upon group membership.
While I can read the members of the OU, I cannot get the checking of their group membership to work. Can you help me out please?
$ou = olegetobject(0,"LDAP://OU=texas,ou=sales,DC=mycompany,DC=net")
$enum = oleenumobject($ou)
$object = oleenumobject($ou,$enum)
while $object
if olegetproperty($object,"class") = "user"
$name = olegetproperty($object,"name")
$group = ""
$groupcount = 0
do
$group = ENUMGROUP($groupcount)
until len($group) = 0
endif
$object = oleenumobject($ou,$enum)
loop
exit
|
|
Top
|
|
|
|
|
#70285 - 2002-09-26 09:08 PM
Re: ENUMGROUP Question
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
|
|
Top
|
|
|
|
|
#70286 - 2002-09-26 09:13 PM
Re: ENUMGROUP Question
|
ElGuapo
Starting to like KiXtart
Registered: 2002-06-19
Posts: 100
|
3.61 in a pure Windows 2000 domain.
|
|
Top
|
|
|
|
|
#70287 - 2002-09-26 09:17 PM
Re: ENUMGROUP Question
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
I would recommend upgrading to 4.02 or better. The COM in the newer version is much better and would make this a piece of cake.
|
|
Top
|
|
|
|
|
#70288 - 2002-09-26 09:25 PM
Re: ENUMGROUP Question
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
4.02 or wait for 4.12 to go gold.
skip 4.10 and 4.11
|
|
Top
|
|
|
|
|
#70289 - 2002-09-26 09:26 PM
Re: ENUMGROUP Question
|
ElGuapo
Starting to like KiXtart
Registered: 2002-06-19
Posts: 100
|
I'll work on upgrading, but don't see that happening right away. Any help available until then?
|
|
Top
|
|
|
|
|
#70290 - 2002-09-26 09:27 PM
Re: ENUMGROUP Question
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
Enumgroup only enumerates the groups for the current user.
|
|
Top
|
|
|
|
|
#70291 - 2002-09-26 09:31 PM
Re: ENUMGROUP Question
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
there are really only a few people here that a real grip on olefunction...
the COM in 4.02+ has taken off like wildfire.
see the function Groupmembers() in the UDF forum for a great example in the direction you need.
|
|
Top
|
|
|
|
|
#70292 - 2002-09-26 09:31 PM
Re: ENUMGROUP Question
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
It sounds to me like you are running this script from your desktop to collect information. You can install a newer version on your computer only to execute this code.
code:
$ou = GetObject("LDAP://DomainName/OU=texas,ou=sales,DC=mycompany,DC=net")
Dim $Filter[0]
$Filter[0] = "user"
$ou.Filter = $Filter
for each $account in $ou
$name = $account.Name
$groups = $account.groups
foreach $group in $groups
? $group.Name
next
next
{edit} Added "Name" property to " ? group.Name"
Some additional code you could leverage.
code:
;FUNCTION GetGroups()
;
;AUTHOR Howard A. Bullock (habullock@comcast.net)
;
;ACTION Retrieves groups to which the specified account is a member.
;
;SYNTAX GetGroups($Domain, $Account, optional $Suppress)
;
;PARAMETERS $Domain (Required) - String value
; $Account (Required) - String value
; $Suppress (Optional) - Integer value [0|1] Default = 0
;
;REMARKS When a non-zero value is supplied for $Suppress, The screen output
; is omitted.
;
; Note: ADS_GROUP_TYPE_SECURITY_ENABLED is not shown using WinNT://
; only security groups exists in NT4 (WinNT://)
;
;RETURNS Two-Dimensional Array.
; 0,x = Group Name
; 1,x = Group Type
; x = number of groups
;
;DEPENDENCIES KiXtart 4.11
;
;EXAMPLES $Groups = GetGroups("Domain", @wksta + "$$") for the computer account
; $Groups = GetGroups("Domain", "User1") for a user account
;
Function GetGroups($Domain, $Account, optional $Suppress)
; Group Types
; ADS_GROUP_TYPE_GLOBAL_GROUP = 0x00000002,
; ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = 0x00000004,
; ADS_GROUP_TYPE_LOCAL_GROUP = 0x00000004,
; ADS_GROUP_TYPE_UNIVERSAL_GROUP = 0x00000008,
; ADS_GROUP_TYPE_SECURITY_ENABLED = 0x80000000
;
Dim $Groups[1,0], $i, $x, $Type[8]
$Type[2] = "GLOBAL_GROUP"
$Type[4] = "LOCAL_GROUP"
$Type[8] = "UNIVERSAL_GROUP"
$oAccount=getobject("WinNT://$Domain/$Account,user")
$x = -1
For Each $group In $oAccount.Groups
$x = $x + 1
ReDim Preserve $Groups[1,$x]
; Class is always 'Group'
; $class = $group.Class
$Groups[0,$x] = $group.Name
$Groups[1,$x] = $Type[$group.groupType]
Next
$GetGroups = $Groups
if not $Suppress
$x = ubound($Groups,2)
? $Domain + "\" + $Account + " is a member of " + ($x+1) + " groups."
For $i=0 to $x
? " '" + $Groups[0,$i] + "' (" + $Groups[1,$i] + ")"
Next
Endif
EndFunction
[ 27. September 2002, 00:03: Message edited by: Howard Bullock ]
|
|
Top
|
|
|
|
|
#70293 - 2002-09-26 09:38 PM
Re: ENUMGROUP Question
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
I'd modify getgroups() a bit...
i'd make $domain optional, and put a 'if not $domain $domain=@ldomain endif' in it.
Just to make 1 less parameter for those that only have 1 domain to work with.
Other than that, it looks much tighter than GroupMembers()
It is going into my UDF toolbox... :-)
|
|
Top
|
|
|
|
|
#70294 - 2002-09-26 09:46 PM
Re: ENUMGROUP Question
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
Radimus, good suggestion. I will incorporate it and update the copy in the UDF Library in the next couple days.
Also I do not know if the WinNT:// provider can get the Universal groups as I do not have a native mode W2K domain yet. This may have to be adjusted to use LDAP://. This would require the use of TranslateName() UDF if you only had the netbios Domain name and an account.
|
|
Top
|
|
|
|
|
#70295 - 2002-09-26 09:53 PM
Re: ENUMGROUP Question
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
and not to be nit picky about it, I'd also pull out the $suppress/display section.
I prefer to make function single purpose only...
but perhaps make a second function to handle the display of the groups if necessary.
But I can see how and why you included it... I would have probably built it that way myself.
|
|
Top
|
|
|
|
|
#70296 - 2002-09-26 10:12 PM
Re: ENUMGROUP Question
|
ElGuapo
Starting to like KiXtart
Registered: 2002-06-19
Posts: 100
|
HB, Thank you for the ideas and suggestions. I installed kix 411 on my desktop (great idea).
The code you suggested works for name but group returns only empty fields. What am I doing wrong?
BREAK ON
$ou = GetObject("LDAP://mycompany.com/ou=texas,ou=sales,DC=mycompany,DC=com")
Dim $Filter[0]
$Filter[0] = "user"
$ou.Filter = $Filter
for each $account in $ou
$name = $account.name
? "name = $name"
$groups = $account.groups
for each $group in $groups
? "group = $group"
next
next
|
|
Top
|
|
|
|
|
#70297 - 2002-09-26 10:23 PM
Re: ENUMGROUP Question
|
ElGuapo
Starting to like KiXtart
Registered: 2002-06-19
Posts: 100
|
Figured it out. Thanks to all.
Dim $Filter[0]
$Filter[0] = "user"
$ou.Filter = $Filter
for each $account in $ou
$name = $account.name
? "name = $name"
$groups = $account.groups
for each $group in $groups
$groupname = $group.name
?"groupname = $groupname"
IF $groupname = "TxSales"
?"YES"
ENDIF
next
next
|
|
Top
|
|
|
|
Moderator: Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart
|
1 registered
(Allen)
and 1198 anonymous users online.
|
|
|
